Penetration Testing mailing list archives
Re: Core Impact vs. Canvas vs. Metasploit
From: Ivan Arce <ivan.arce () coresecurity com>
Date: Tue, 02 May 2006 19:01:07 -0300
Hm ok, since somebody is asking I will take the liberty to describe some specific features of IMPACT that may be of interest. Moderator: IMPACT is a commercial tool and I work for CORE so if you deem this post unacceptable, just let me know.

CORE IMPACT goes beyond being a mere exploit framework. To me that implies that a lot more things than many exploits and a nice GUI are required. Some of the things the product currently (as of v5.1) has are:

- A nice Windows GUI (many pointed this out already) that lets you run things with point&click, visualize all available information about any module (exploits and others), hosts, deployed agents, etc., visualize the networks as you see them from your different vantage points, automatically collect and keep track of the entire execution log and output of all modules, and search, filter and select modules based on different criteria. All of this is done within one single interface with customizable panes.
- Local, remote and client-side exploits.
- Server infrastructure for the client-side exploits that is used automatically when client-side attacks are run.
- Network mapping, OS fingerprinting, port scanning, service identification and many other information gathering tools.
- A centralized repository for all the information collected during a penetration test that is updated as the product runs (organized in workspaces).
- Ability to import network mapping and vuln/port scanning information from Nmap, Nessus, Retina, GFI LANguard and SAINT (with more coming).
- Report generation capabilities (using Crystal Reports) with 4 pre-designed report types that can be exported to various formats.
- Module automation capabilities. Built in as a 6-step process called Rapid Penetration Test (RPT) which automates the execution of a bunch of modules that comprise a pentest from start to end based on user preferences, what the targets are and our own set of heuristics. Automation can also be done by linking modules together using macros generated using the GUI or programmatically using Python code.
- Multi-threaded agents with strong authentication and encrypted communications using syscall proxying. These can be made persistent across reboots and run in their own process space (supplements the basic syscall proxying, low-footprint, memory-only agents).
- InlineEgg, which is conceptually similar to and pre-dates MOSDEF and Meterpreter. InlineEgg does not pre-compile or require any specific language (other than Python) but rather provides a Python interface to do things with payloads.
- DCE/RPC and SMB fragmentation and encryption support for MS RPC exploit modules.
- Connect to, connect from, reuse socket and HTTP tunnel connection methods for payloads.
- Process enumeration, injection and hopping capabilities.
- Keystroke logger, sniffer, DLL injection, credential collection (SAM dumping), reuse (pass the hash, NTLM authentication, etc.) and export (so you can crack with external programs) capabilities.
- Multimedia tools (grab video frame, record audio, run any MCI command on target).
- All modules are written in Python so you can inspect them, modify them or write your own from scratch. All the capabilities of Python and its standard libraries are available to a module.
- All exploits are thoroughly tested and documented, including the specific set of platforms they work against. All exploits are regression tested on a daily basis against all their supported targets with all payload combinations.

CORE IMPACT v1.0 was launched in April 2002 so many of the things above have evolved over the past 4 years. I would say that overall the product is quite mature for something that is entirely new to the market since its inception but obviously there are still many ways for us to improve both in maturity and innovation.
From HD Moore's latest presentations I understand that Metasploit 3.0 is moving forward to incorporate many of the things above using Ruby and I am really glad it is actually happening. To me at least, it means that we are making a difference and that now other projects are also pushing forward with their technologies. It is a healthy and motivating thing. 5 years ago, the idea of having legitimate and valuable uses for a product that ships with exploit code seemed alien to many. The evolution of CORE IMPACT, a commercial product aimed at enterprise usage, and Metasploit, an OSS exploit research and penetration testing tool, demonstrates that things have changed.

-ivan

Disclaimers:
- CORE IMPACT is a commercial product, and;
- I work for Core Security Technologies

virtuale () hushmail com wrote:
Hi,

For those who have been using one or more of the subj. products - how do the products compare? What are the key technical advantages/disadvantages of each product? The cost of the products is different. There must be something about the technical part that is significantly different. I'm trying to figure that out.

My personal experience - both Canvas and Core support advanced agent chaining, and modules are Python-based. I'm not sure how level 2-3 agents in Core map to Canvas's Helium, but level 0 seems to be pretty similar in the way syscalls are proxied/sockets reused (strikingly similar, I'd say :). Encoders are similar in all three, e.g. xor, chunk, unicode/widechar.

Is the price the only differentiator?

V
---
"Buy the ticket, take the ride" -HST
Ivan Arce
CTO
CORE SECURITY TECHNOLOGIES
http://www.coresecurity.com
PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836 B25D 207B E78E 2AD1 F65A
Current thread:
- RE: Re: Core Impact vs. Canvas vs. Metasploit Sahir Hidayatullah (May 02)
- <Possible follow-ups>
- Re: Re: Core Impact vs. Canvas vs. Metasploit Greg Leclercq (May 02)
- Re: Core Impact vs. Canvas vs. Metasploit Ivan Arce (May 02)
- Re: Core Impact vs. Canvas vs. Metasploit Paul Asadoorian (May 03)